Exploitation Summary
EIP tracks 1 public exploit for CVE-2006-5852. PoCs published by Kevin Finisterre.
AI-analyzed exploit summary
This exploit leverages insecure system() calls in OpenBase 10.0 to achieve privilege escalation: it compiles malicious versions of cp, killall and rm in /tmp that spawn a root shell, and these run in place of the system binaries, executing arbitrary commands with elevated privileges.
Description
Untrusted search path vulnerability in openexec in OpenBase SQL before 10.0.1 allows local users to gain privileges via a modified PATH that references a malicious helper binary, as demonstrated by (1) cp, (2) rm, and (3) killall, different vectors than CVE-2006-5327.